Lettings users append to file but not read the file.
Posted on 1998-01-09
The question that needs to be answered is...what is the customary way that a FrontPage "web-bot" is allowed to write to a text file, but users are not allowed to view this file in their browser, and if the customary way does not work, why not?
I have a web site on an NT server, created with FrontPage. We inserted a web-bot component that appends form results to a file. We would like to prevent users from reading this same file.
This seems like an obvious solution...tweak the NTFS permissions so that IUSR, Interactive, and NEtwork all have write-only access to the file. But the event log shows a different story...if IUSR has only "write" permissions to that result file, he cannot post the results. The event log shows that the failing operation was a "read."
Evidently this ISAPI web-bot or whatever requires "read" permissions in order to write to a file. But I don't want people to read it.
I have also tried dropping it into _private. No dice, I can still enter the full URL and see the file. As far as putting a dummy "index.html" file, please don't go any further if that's your answer.
Thanks in advance.